Install Anti-virus Software

Regardless of whether you use Mac or Windows, anti-virus software is becoming a must. We recommend using a free option, such as Sophos Home or Windows Defender.

Use Memorable, Long “Passphrases”

Easy to remember; hard to guess. A strong password is often a passphrase, like “Elementary m’dear Watts1”, with substitutions so that it is not common English. Refer to our Password Management Best Practices FAQ for more information.

Avoid Phishing

Before you click on an email link, take a moment to question the legitimacy of the email and think about what sort of information the sender is asking you to provide. When in doubt, contact the sender to check if it’s valid, check Inside Davidson for recent phishing reports, and/or report the email to ITS.

Phishing attack examples:

Google Docs OAuth Attack (2016). An attacker sent an invitation to edit a Google Doc. When the link was clicked, a pop-up window asked the user to allow the “application” to perform certain actions (e.g., view contacts). Clicking “Allow” then gave the attacker rights to perform those authorized actions.

Banner Credentials Attack (2017). A compromised Davidson account was used to send demands for “Outstanding payments.” The link led to a page asking for Banner credentials and, upon entering any information, the page displayed a “wrong password” alert. This technique is often used to gain further credentials and to dissuade users from reporting a phish.

Dropbox Trojan (2017). A compromised Davidson account was used to send invitations to edit a “Dropbox document.” When a recipient clicked on the link, a Trojan, a type of malware that performs activities without the user’s knowledge, was downloaded.

Keep your Devices Updated

Software updates for your browsers, plugins, operating systems, etc. often fix weaknesses that can be exploited by hackers. Failing to perform updates puts your system at risk.

Seek out “Secure” https:// sites

Sites that have “https” in the URL have an added layer of protection that helps ensure the safety of visitors. If you are ever unsure about the legitimacy of a website, check the top left side of the URL box in your browser for an indicator. (See the image below.)

Enable Two-Factor Authentication

If the information you’re accessing is confidential or sensitive, you might consider enabling two-factor authentication (usually under an app’s security settings) as an added layer of protection.

Note: All Davidson employees will soon have the option to sign up for Duo Two-Factor Authentication. Be on the lookout for updates in Fall 2017!

Store Important Info Deliberately

Be aware that sites like Google Docs and Dropbox may not be as secure as you would like. Before storing important information in them, be sure to educate yourself on the security implications for both.

For employees: If you handle “Confidential” Data, as defined in the ADS policy, be sure to contact ITS about the appropriate way to store those materials.